The PIX 501 does not support VLAN's, if you have to have 2 VLANS's, you could use a router. If you have a router in the network or lying about doing nothing, you can configure the router to be the routing device between the VLAN's. You could also use any kind of switch that supports layer 3 routing?
You can purchase a 506 - that will give you the vlan funtionality, and you could buy a L3 switch which will also give you vlan capabilities.
However if you want to keep the costs down - you could just buy a router, which will give you all the inter-vlan routing capability you need....as long as you have a switch that supports 802.1q vlan trunking?
If not - you would be better off with a L3 switch!
Agree with Steven, most if not all of our recommendations to clients is to use the newer asa firewall products in a migration path, beside, not will the asa5505 provide you with up to 20 virtual interfaces with Sec plus license, but other numerous features pix code 6.3(5) does not come close to providing.
Ultimatelly the pix 506 cannot go beyond code 6.3(5) and probably give you up to 2 vlans maximun, and from clients experience out there they end up in a dead lock when needing new features, you want to have a product in your network whether is small that would be able to move forward with 7.x/8.x codes.
If the above is not of a concern at all, then what Andrew sugested would work.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...